As the world promptly responds to the rapidly changing Covid-19 situation, cybersecurity and technology executives are tasked with critical responsibilities and decisions to mitigate risk to their organizations and businesses. Each one has his/her own ways of handling the situation as per the need and prevailing circumstances.
We, at dynamicCIO, reached out to a wide variety of CISOs and CIOs on LinkedIn to ask for their opinion primarily on three things: Business Continuity, Remote Connectivity, and Digital and Cyber Risks. The sole purpose of this exercise is to provide peers with guidance and insights on preparedness and to share best practices in dealing with the cybersecurity challenges originating from this crisis.
Samir Pawaskar, Cybersecurity Expert from Qatar, was one of the first to respond. Mentioned below are his views.
As Samir wrote:
In a way, the situation that emerged from the spread of Covid-19 has been a positive one for rapid digital transformation across Qatar and most other geographies globally. If I were to specifically speak of Qatar, the impact has been more on the consumer side than the provider side. Over the years, a lot of businesses have invested immensely in digitisation of their services. However, there were certain cultural impediments that prevented their mass adoption. Covid-19, in a way, forced people to take the digital route and the feedback so far has been very encouraging. People have begun to like this new way of doing business and consuming services.
Needless to say, the imperative to ‘work from home’ forced due to social distancing needs has introduced numerous challenges. Let’s put it this way. While organizations were quite ready with their plans and limited infrastructure, they were not ready for the volumes or the kind of disruption that we saw due to the current crisis. At this point, it is important for us to acknowledge the support of tech companies that pitched in with various solutions, including provisioning of free licenses for remote connectivity solutions such as VPNs, encryption technologies, online collaboration, video conferencing and meetings, thereby helping organizations to tide over the crisis without worrying about the procurement cycles or the emergency budgets.
However, the scenario exponentially expanded the company’s attack surface as many of the organizations/education institutes were forced to allow employees/students to bring in their own devices (BYOD). BYODs carry a certain amount of risk as they may not be managed by the organisation and may not have adequate endpoint protection. Further, it is possible that a single device may be used across the family, thereby raising the risks.
Another key observation was that even companies that had a Business Continuity Plan (BCP) in place were not completely ready for the kind of global disruption that we are witness to. There were some challenges here.
- Business Continuity Management (BCM) is really not adopted or well thought of in the SME sector.
- Even large and mature organizations that had a BCP in place had not really thought about a pandemic of this level. Cannot blame them though, as usually it is based on a Risk Assessment exercise which, in turn, is largely based on probability.
- I am not sure if organizations had thought about a supply chain disruption of this level.
Lastly, being a security/privacy practitioner, I’d say there is a growing concern in the security and privacy community with regard to some of the solutions that have popped up during the Covid-19 crisis to help control this pandemic by enforcing social distancing, helping identify potential infections by a virus-infected person and so on. Although almost everybody agrees with the potential immediate benefits those solutions offer, there is a potential threat that, firstly, it may set a precedent for infringing privacy and secondly, there is an ethical challenge for governments to stop using this data and similar applications once they have realized the potential and power of such applications and data. It may be fine for countries where surveillance society is an acceptable norm, but for others there is a huge risk of this becoming a new normal and this is a bit scary.
(Disclaimer: The views expressed above are entirely personal and have no bearing on the organisation that Samir Pawaskar represents. Further, the views are based on Samir’s personal understanding of the global scenario and do not necessarily reflect just the Qatar geography alone.)